[ Main Index | ipSentry Application Index ]
 

The ipSentry DNS/RADIUS/UDP Monitoring Add-In provides you with the ability to monitor UDP based servers such as DNS servers, and send UDP based alerts.

This add-in was developed with RADIUS and DNS servers in mind and can test both types of servers to ensure that they are accepting request packets and returning responses including RADIUS Authentication responses and DNS name resolutions.

From the Entry Editor, set the Type of entry to Add-In, click Select Add-In and select the DNS/RADIUS/UDP Monitor.
Click on the Configure Add-In button.

DNS/RADIUS/UDP Monitor Configuration - General Settings

DNS, RADIUS, UDP Monitoring Add-In Configuration

After selecting to Configure Add-in from the main ipSentry Entry Editor, you will be presented with the DNS/RADIUS/UDP Monitoring configuration options.  Because UDP is binary packet based, much of the data being sent/received will need to be encoded.  We have provided common RADIUS and DNS configuration options to help with the required encoding/decoding for these specific monitoring tests.

IP Address
Specify the IP Address of the destination host that should receive and process the UDP packet.

Port
Enter the port number on which the host is listening for incoming UDP packets.
e.g. 53 = DNS

Timeout (ms)
Enter the amount of time (in milliseconds) that the add-in should wait for a response if a response is expected.

Retries
Enter the number of attempts that should be made before the add-in returns a failure.
e.g. RADIUS specifies 3 attempts if response not received in 30 seconds.

Initial Packet to Send
Enter the packet data that should be sent to the host.  Because most UDP servers accept binary data, you may need to use escape codes to represent byte values.
e.g. HELLO\x0D\x0A  would send HELLO followed by a character ASCII 13 and ASCII 10.
See Escape Codes below for information on entering binary data.

Packet to Receive
Enter the data that the add-in should use to evaluate the received data.  If you selected NOTHING or ANYTHING as the comparison option, this field will be disabled.
Again, because most UDP servers accept and send binary data, you may need to use escape codes to represent byte values. 
e.g. HELLO\x0D\x0A  would send HELLO followed by a character ASCII 13 and ASCII 10.
See Escape Codes for information on entering binary data.

Receive Packet Comparison Option
The selection provides 4 options on how the add-in should handle and compare data received from the host.

NOTHING
Selecting this option signifies that the host system will not send a response and the add-in should not await such a response.

ANYTHING
Selecting this option signifies that the host WILL send a response, but the contents will vary such that there is no way to identify specific contents within that response. e.g. The reply will likely not contain a consistently identifiable set of characters.

CONTAINS
Selecting this option signifies that the information entered in the text field below MUST appear somewhere in the received packet.

EQUAL
Selecting this option signifies that you know the exact contents of the packet that should be received and that no variance to the entered data will be accepted.

Final Packet to Send
In some cases, you may want to send a packet of data to the host before the add-in exits.  This is used in situations where the receipt of specific packet data signifies the end of session and provides a "clean" exit.  Because UDP is "connectionless", this is not usually required for most systems although some servers may desire a termination packet.  You will need to check the documentation provided by your server to see whether this type of packet is beneficial.

RADIUS Generic (button)
Selecting this option will fill in the appropriate fields with data necessary to simulate a bad "access-request" packet for RADIUS authentication.  While most servers will acknowledge receipt of this packet with a "NAK" packet, some security configurations are such that no data will be returned.

RADIUS Custom (button)

RADIUS Monitoring Add-In Configuration
Selecting this option will prompt you for RADIUS account information (User, Password, Secret, and expectation of ACK or NAK from the server) and configure the appropriate packet information during the monitoring process.  Thus, a true 'Access-Request' packet with valid authentication information will be transmitted to the RADIUS server.  While most servers will acknowledge receipt of an invalid packet with a "NAK" packet, some security configurations are such that no data will be returned and may require ACK expectation.

You may need to configure your RADIUS server in such a way as to allow login from a "Virtual" NAS-Port (6) and to ignore any other attributes contained in the packet with the exception of the password.

If you can not receive an ACK response from the RADIUS server, you will need to check your RADIUS logs to identify the reason for authorization failure and correct as necessary to allow the authentication at the server.

*RADIUS Server configuration is beyond the scope of this document.

DNS Status
Will fill in the appropriate fields with data necessary to perform a DNS Server Status request.  If the server is alive and responding, it will send back a status reply packet.

DNS Query

DNS Query Configuration
Select this option will prompt you for a domain name and IP Address.  It will then fill in the appropriate fields with data necessary packet data to perform a DNS QUERY request for the domain name/ipaddress combo.

When you enter the FQDN in the Domain Name to check, the add-in will make a request for the A record and fill in the IP Address.  You may override the IP Address to be received.
 

Common Escape Codes
This chart represents some common escape sequences used to define UDP packets.
The UDP monitor recognizes Hex and Octal notations - use whichever you are comfortable with.

Escape

Decimal

Hex

Octal

Description

\n

10

\x0a

\o012

NL (Line Feed)

\t

9

\x09

\o011

TAB

\v

11

\x0b

\o013

VT (Vertical Tab)

\b

8

\x08

\o010

BS (Backspace)

\r

13

\x0d

\o015

CR (Return)

\f

12

\x0c

\o014

FF (Form Feed)

\a

7

\x07

\o007

BEL (Bell)

\s

47

\x2f

\o057

Slash (/)

\\

92

\x5c

\o134

Back Slash (\)

\?

63

\x3f

\o077

Question Mark (?)

\

39

\x27

\o047

Apostrophe ()

\"

34

\x22

\o042

Quote (")

\0

0

\x00

\o000

NULL

\o###

 

 

 

OCTAL ESCAPE

\x##

 

 

 

HEX ESCAPE

 

 



     If you require additional assistance, please visit our on-line support forum at http://forum.ipsentry.com.
 
  Copyright ©1997-2018 by RGE, Inc. - All Rights Reserved
  ipSentry® is a registered trademark of RGE, Inc.
Web Site: https://ipsentry.com
Support Email: support@ipsentry.com